AMENDMENTS TO THE CLAIMS : 

This listing of claims will replace all prior versions and listing of claims in the above- 
referenced application. 
Listing of Claims : 

1.-120. (Canceled). 

121. (Currently Amended) A method for monitoring an industrial network comprising: 
reporting first data about a first computer system by a first agent executing on said first 

computer system in said industrial network, said first computer system performing at least one 
of: monitoring or controlling a physical process of said industrial network, said first data 
including information about software used in connection with said physical process, wherein said 
agent sends said first data over a one way communication connection , wherein said one way 
communication connection is one way with respect to communications from said first agent 
reporting said first data at an application level, and wherein two-way communications at a 
network level lower than said application level are used to set up said one-way communication 
connection . 

122. (Original) The method of Claim 121, further comprising: 

reporting second data about communications on a connection between said industrial 
network and another network by a second agent executing on a second computer system. 

123. (Original) The method of Claim 122, wherein said second data reported by said 

second agent is included in an appliance to which said first data is sent. 
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124. (Original) The method of Claim 121, wherein said first agent reports on at least one 
of: critical file monitoring, log file for said first computer system, hardware and operating system 
of said first computer system, password and login, a specific application executing on said 
computer system wherein said application is in accordance with a particular industrial 
application of said industrial network. 

125. (Original) The method of Claim 124, wherein a plurality of agents execute on said 
first computer system monitoring said first computer system. 

126. (Previously Presented) The method of Claim 125, wherein said plurality of agents 
execute on said first computer system being monitored and said plurality of agents includes a 
master agent and other agents performing a predetermined set of monitoring tasks, said master 
agent controlling execution of said other agents. 

127. (Original) The method of Claim 126, wherein said plurality of agents report data at 
predetermined intervals to one of: an appliance and said second computer system. 

128. (Original) The method of Claim 127, further comprising performing, by at least one 
of said plurality of agents: 

obtaining data from a data source; 
parsing said data; 

performing pattern matching on said parsed data to determine events of interest; 
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recording any events of interest; 

reporting any events of interest in accordance with occurrences of selected events in a 
time interval; 

creating a message including said summary at predetermined time intervals; and 
encrypting at least one of: said message and a checksum of said message. 

129. (Original) The method of Claim 121, wherein said first data includes at least one of 
the following metrics: a number of open listen connections and a number of abnormal process 
terminations. 

130. (Original) The method of Claim 129, wherein, when a number of open listen 
connections falls below a first level, an event corresponding to a component failure is 
determined. 

131. (Original) The method of Claim 129, wherein, when a number of open listen 
connections is above a second level, an event corresponding to a new component or unauthorized 
component is determined. 

132. (Previously Presented) The method of Claim 122, wherein said second agent reports 
on network activity in accordance with a set of rules, said rules including at least one rule 
indicating events that are normal activity in a business network are flagged as suspicious in said 
industrial network. 
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133. (Original) The method of Claim 132, wherein said events include at least one of: an 
event associated with a web browser, and an event associated with e-mail. 

134. (Original) The method of Claim 122, wherein said second agent reports on an 
address binding of a physical device identifier to a network address if the physical device 
identifier of a component was not previously known, or said network address in the address 
binding is a reassignment of said network address within a predetermined time period since said 
network address was last included in an address binding. 

135. (Original) The method of Claim 122, wherein said second agent reports second data 
about a firewall, and said second data includes at least one of: a change to a saved firewall 
configuration corresponding to a predetermined threat level, a change to a current set of firewall 
configuration rules currently controlling operations between said industrial network and said 
other network. 

136. (Original) The method of Claim 135, wherein log files associated with said firewall 
are stored remotely at a location on said second computer system with log files for said second 
computer system activity. 

137. (Original) The method of Claim 122, wherein said second data includes at least one 
threat assessment from a source external to said industrial network. 
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138. (Original) The method of Claim 137, wherein said second data includes at least one 
of: a threat level indicator from a corporate network connected to said industrial network, a threat 
level indicator from a public network source, and a threat level indicator that is manually input. 

139. (Original) The method of Claim 121, further comprising: 
receiving at least said first data by a receiver; 
authenticating said first data as being sent by said first agent; and 
processing, in response to said authenticating, said first data by said receiver. 

140. (Original)The method of Claim 139, wherein said authenticating includes at least 
one of: verifying use of said first agent's encryption key, and checking validity of a message 
checksum, and using a timestamp or sequence number to detect invalid reports received by said 
receiver as being sent from said first agent. 

141. (Original)The method of Claim 121, wherein said reporting is performed in 
accordance with a threshold size indicates an amount of data that said first agent is permitted to 
transmit in a fixed periodic reporting interval. 
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142. (Currently Amended) A computer program product for monitoring an industrial 
network comprising code that: 

reports first data about a first computer system by a first agent executing on said first 
computer system in said industrial network, said first computer system performing at least one 
of: monitoring or controlling a physical process of said industrial network, said first data 
including information about software used in connection with said physical process, wherein said 
agent sends said first data over a one way communication connection wherein said one way 
communication connection is one way with respect to communications from said first agent 
reporting said first data at an application level and wherein two-way communications at a 
network level lower than said application level are used to set up said one-way communication 
connection . 

143. (Original) The computer program product of Claim 142, further comprising code 

that: 

reports second data about communications on a connection between said industrial 
network and another network by a second agent executing on a second computer system. 

144. (Original) The computer program product of Claim 143, wherein said second data 
reported by said second agent is included in an appliance to which said first data is sent. 

145. (Original) The computer program product of Claim 142, wherein said first agent 
reports on at least one of: critical file monitoring, log file for said first computer system, 
hardware and operating system of said first computer system, password and login, a specific 
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application executing on said computer system wherein said application is in accordance with a 
particular industrial application of said industrial network. 

146. (Original)The computer program product of Claim 145, wherein a plurality of agents 
execute on said first computer system monitoring said first computer system. 

147. (Previously Presentd) The computer program product of Claim 146, wherein said 
plurality of agents execute on said first computer system being monitored and said plurality of 
agents includes a master agent and other agents performing a predetermined set of monitoring 
tasks, said master agent controlling execution of said other agents. 

148. (Original) The computer program product of Claim 147, wherein said plurality of 
agents report data at predetermined intervals to one of: an appliance and said second computer 
system. 

149. (Original)The computer program product of Claim 148, further comprising code for 
performing, by at least one of said plurality of agents: 

obtaining data from a data source; 
parsing said data; 

performing pattern matching on said parsed data to determine events of interest; 
recording any events of interest; 

reporting any events of interest in accordance with occurrences of selected events in a 
time interval; 

creating a message including said summary at predetermined time intervals; and 
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encrypting at least one of: said message and a checksum of said message. 

150. (Original) The computer program product of Claim 142, wherein said first data 
includes at least one of the following metrics: a number of open listen connections and a number 
of abnormal process terminations. 

151. (Original)The computer program product of Claim 150, wherein, when a number of 
open listen connections falls below a first level, an event corresponding to a component failure is 
determined. 

152. (Original)The computer program product of Claim 150, wherein, when a number of 
open listen connections is above a second level, an event corresponding to a new component or 
unauthorized component is determined. 

153. (Previously Presented) The computer program product of Claim 143, wherein said 
second agent reports on network activity in accordance with a set of rules, said rules including at 
least one rule indicating events that are normal activity in a business network are flagged as 
suspicious in said industrial network. 

154. (Original) The computer program product of Claim 153, wherein said events 
include at least one of: an event associated with a web browser, and an event associated with e- 
mail. 
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155. (Original) The computer program product of Claim 143, wherein said second agent 
reports on an address binding of a physical device identifier to a network address if the physical 
device identifier of a component was not previously known, or said network address in the 
address binding is a reassignment of said network address within a predetermined time period 
since said network address was last included in an address binding. 

156. (Original) The computer program product of Claim 143, wherein said second agent 
reports second data about a firewall, and said second data includes at least one of: a change to a 
saved firewall configuration corresponding to a predetermined threat level, a change to a current 
set of firewall configuration rules currently controlling operations between said industrial 
network and said other network. 

157. (Original) The computer program product of Claim 156, wherein log files associated 
with said firewall are stored remotely at a location on said second computer system with log files 
for said second computer system activity. 

158. (Original)The computer program product of Claim 143, wherein said second data 
includes at least one threat assessment from a source external to said industrial network. 

159. (Original)The computer program product of Claim 158, wherein said second data 
includes at least one of: a threat level indicator from a corporate network connected to said 
industrial network, a threat level indicator from a public network source, and a threat level 
indicator that is manually input. 
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160. (Original) The computer program product of Claim 142, further comprising code 

that: 

receives at least said first data by a receiver; 

authenticates said first data as being sent by said first agent; and 

processes, in response to said code that authenticates, said first data by said receiver. 

161. (Original)The computer program product of Claim 160, wherein said code that 
authenticates includes at least one of: code that verifies use of said first agent's encryption key 
and checks validity of a message checksum, and code that uses a timestamp or sequence number 
to detect invalid reports received by said receiver as being sent from said first agent. 

162. (Original) The computer program product of Claim 142, wherein said code that 
reports uses a threshold size indicating an amount of data that said first agent is permitted to 
transmit in a fixed periodic reporting interval. 
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163. (Previously Presented) The method of Claim 121, wherein a second agent reports 
about communications within said industrial network, said second agent reporting on network 
activity in said industrial network in accordance with a set of rules, said rules including at least 
one rule defining an acceptable message, and the method further comprising: 

receiving, by said second agent, a message; 

determining if said message is undesirable in accordance with said at least one rule; and 
reporting said message as undesirable if said message is not determined to be in 
accordance with said at least one rule. 

164. (Original) The method of Claim 163, further comprising: 

defining another rule for use in said determining if an additional message type is 
determined to be acceptable in said network. 
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165. (Previously presented) The computer program product of Claim 142, wherein a 
second agent reports about communications within said industrial network, said second agent 
reporting on network activity in said industrial network in accordance with a set of rules, said 
rules including at least one rule defining an acceptable message, and the computer program 
product further comprising code that: 

receives, by said second agent, a message; 

determines if said message is undesirable in accordance with said at least one rule 
defining an acceptable message; and 

reports said message as undesirable if said message is not determined to be in accordance 
with said at least one rule. 

166. (Original)The computer program product of Claim 165, further comprising code 

that: 

defines another rule for use in said determining if an additional message type is 
determined to be acceptable in said network. 

Claims 167. - 174. (Canceled) 

175. (Previously Presented) The method of Claim 129, wherein said number of open 
listen connections are the number of open listen connection with respect to all open listen 
connections of said first computer system. 
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176. (Previously Presented) The computer program product of Claim 150, wherein said 
number of open listen connections are the number of open listen connections with respect to all 
open listen connections of said first computer system. 

177. (Previously Presented) The method of Claim 121, wherein a plurality of agents 
execute on said first computer system and perform monitoring of said first computer system, said 
plurality of agents including a master agent executing on said first computer system, said master 
agent controlling execution of one or more others of said plurality of agents executing on said 
first computer system. 

178. (Previously Presented) The method of Claim 121, wherein said first agent performs 
reporting of said first data over said one way communication connection at an application level. 

179. (Previously Presented) The method of Claim 178, wherein said first computer 
system sends and receives messages at a network level lower than said application level to set up 
said one way communication connection. 

180. (Cancelled) 

181. (Previously Presented) The computer program product of Claim 142, wherein a 
plurality of agents execute on said first computer system and perform monitoring of said first 
computer system, said plurality of agents including a master agent executing on said first 
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computer system, said master agent controlling execution of one or more others of said plurality 
of agents executing on said first computer system. 

182. (Previously Presented) The computer program product of Claim 142, wherein said 
first agent performs reporting of said first data over said one way communication connection at 
an application level. 

183. (Previously Presented) The computer program product of Claim 182, wherein said 
first computer system sends and receives messages at a network level lower than said application 
level to set up said one way communication connection. 

184. (Cancelled) 
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185. (Previously Presented) The method of Claim 121 , wherein said first agent reports 
said first data to a server component, and the method further comprising: 

reporting second data by a second agent to said server component, said second agent 
monitoring said server component and executing on a same system as said server component. 

186. (Previously Presented) The method of Claim 121, wherein said first agent reports 
said first data to a server, and the method further comprising: 

reporting second data by a second agent to said server, said second agent monitoring said 
server and executing on said server; 

processing said first data and said second data at said server; and 

generating one or more notifications in accordance with said first and said second data. 

187. (Previously Presented) The computer program product of Claim 142, wherein said 
first agent reports said first data to a server component, and the computer program product 
further comprising code that: 

reports second data by a second agent to said server component, said second agent 
monitoring said server component and executing on a same system as said server component. 
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188. (Previously Presented) The computer program product of Claim 142, wherein said 
first agent reports said first data to a server, and the computer program product further 
comprising code that: 

reports second data by a second agent to said server, said second agent monitoring said 
server and executing on said server; 

processes said first data and said second data at said server; and 

generates one or more notifications in accordance with said first and said second data. 
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